I am a dissident truth journalist and activist. Also I have worked extreme high security jobs in the past but not now.
I strongly suspect that I am under an investigation of some type and my device is being directly compromised. Here are my observations in chronological order in case this can help anyone.
1 install of Graphene OS on P6a for over a year.
use auditor on an Android 8 phone to attest first use before network connected or sim inserted. (This worked until very recently on my last reinstall today, Auditor now errors and says the version is too old on my 8)
I had 6 digit PINs and 1 biometric per profile. USB-C when unlocked to use wired headphones. (health)
I turn off almost everything, vibe, turn and press to wake, and animations.
Upon leaving my phone in a friends car inside a Faraday bag (for health) it turns up 3 days later. This phone was for sure reset and at rest in this bag. However, this is before the heat firmware bug was patched.
-When I get the phone back, I notice that it prompts for PIN instead of fingerprint. No updates or changes. A swipe is required to get to the fingerprint prompt. Tried everything in forums but could not fix this behavior.
Upon certain updates, the PIN issue gets fixed but eventually reverts back after a period of time I cannot remember.
I notice another odd behavior, at certain times when I press the wake button the screen does not turn on. Even after hitting the button twice, there is a considerable amount of lag occasionally to access the lock screen.
-Another behavior new and noticed some time later, only when I press the sleep button or when screen times out, only when I have Molly on the screen, the screen turns off, then flashes on for a split second before turning off for good again. This is persistent across reboots and seemed almost 100% of the time.
-finally, Molly starts to quit and crash. I say its time for a reinstall anyways.
-upon a recent reinstall, none of the above behaviors occurred for a couple days even after loading all previous software and signing into everything again.
I decide to only use PIN no fingerprint for my own Owner profile, not much security change. Still have fingerprint to unlock.
- After leaving my recently installed and working phone unattended (again, for health, RFs) at a public place of work, and only chatting on Molly - I come back and 2 same behaviors returned. The PIN prompt bug and the delayed wake bug. (My phone is in 10/10 condition cased entire life- I suspected the button itself but after having this bug for awhile - the button is in great condition and is being pressed fully for sure.)
Due to me having just made new PINs, keys, I hide my login from cameras, and at the time I was not really doing anything that should trigger a remote compromise, I think that my phone is being professionally compromised in person while unattended, or its some really strange bugs.
I very recently installed again, now its back working 100%.
I am going to try no fingerprint unlock this time, or also maybe just remember to put at rest unattended.
I know feds have my prints I gave for security jobs, also it may be easy in some settings to obtain a print, digitize it, and get a proxy print if it's not feds. If it's not caused by extremely strange bugs the lesson from this is:
If you think you might have a higher threat matrix, do NOT use just fingerprint to unlock unattended. I deleted just the one biometric unlockable profile and tried to restore a new one from backup. The second time. This did not work, bugs remained the same on new profile. Reinstall was required to fix it again.
The 2FA login prompt also will likely patch this.
I am not that worried about it personally but - I thought I would share this unique user story as soon as I got my phone back to 100% working correctly a second time.
Thanks devs and everyone for keeping the hope of computer and digital freedom alive.